Storage system for managing a log of access

ABSTRACT

Provided is a storage system including: a first interface connected to a host computer; a second interface connected to a manager terminal; a control unit connected to the first interface and the second interface and equipping a processor and a memory; and one or more disk drives in which data that is requested to read by the host computer is stored, in which the control unit detects an access from the host computer to the first interface and an access from the manager terminal to the second interface, and generates log data of operations according to the accesses. Accordingly, log data concerning every action and every operation of the storage system is maintained and stored.

CLAIM OF PRIORITY

The present application claims priority from Japanese patent applicationP2005-302766 filed on Oct. 18, 2005, the content of which is herebyincorporated by reference into this application.

BACKGROUND

This invention relates to a storage system used for a computer system,and more particularly to a log management technique for a storagesystem.

Recent advances of network technology have been introducing computersystems connected to networks in various environments such as companies,schools, and homes. In companies and schools, a group of computersinstalled in an organization are connected to a network to allowinformation sharing among the computers, and each computer is connectedto the Internet to transmit information. The trend dramaticallyincreases an information amount processed in systems. To adapt to theincreasing information amount in circulation, capacities of storagesystems used by users are also increasing rapidly.

In the above-mentioned situation where widespread network systems havemade it common to use the storage systems connected to networks, theimprovement of security in a storage system becomes increasinglyimportant.

In recent years, thefts and corruptions of information have occurred dueto unauthorized intrusions into network systems, while even governmentand municipal offices or companies have suffered damage fromunauthorized access to tamper with their Websites.

Such security issues involve a method of exploit security holes toattack an operating system or software via computer network. Inaddition, there is a fear that unauthorized access to a storage systemmay cause data stored in the storage system to be read, deleted, oraltered in structure.

For example, JP 2002-111667 A discloses one of security countermeasuresto such unauthorized access, in which a log is maintained in order todetect and monitor unauthorized operation. In addition, the maintainedlog is stored for later use as an inspection record upon occurrence ofany problems or failures.

Further, the security evaluation standard ISO/IEC 17799 stipulates thatlog collection is recommended in order to facilitate the procedure forhandling failures or security-related issues upon the occurrencethereof. Further, various laws and regulations are beginning tostipulate that a log be obtained from an information system, and theobtained log be stored for a long term. Furthermore, when an informationsystem failure results in a serious accident or incident, it isnecessary to use a log as an evidence for diagnosing the cause thereof.

By storing manipulation records and operation records of an informationsystem, such a diagnosis is possible as to whether the cause of failureis attributed to a certain action of a device in the information systemor a certain operation during unauthorized access. Therefore, the log issignificant information in terms of running the information system.

Meanwhile, a storage system have adopted a method of keeping a record ofaccess from hosts as an access log. When a storage usage of the accesslog reaches an upper limit, older records of the access log areoverwritten by newer records thereof to be deleted in order.

SUMMARY

In terms of unauthorized intrusion into a computer system as describedabove, a storage system connected to a network is increasinglyendangered. However, there has been a problem in that, even if accidentsor troubles occur in a storage system or an information system includingthe storage system, the reference to a log maintained in the storagesystem leads to neither diagnosis of the cause nor collection ofevidences.

Even without such unauthorized access, there is another fear that therunning of the storage system may stop due to occurrence of anyfailures, such as parts' life expiration and malfunction, in the storagesystem itself. In such a case, it is also difficult to diagnose thecause of failure.

In such circumstances, in order to handle the above-mentioned varioussituations, it is becoming more important to obtain a log recordingdetails of operation and processing performed in the storage system.

This invention has been made in view of the above-mentioned problem, andit is therefore an object to provide a storage system in which a logconcerning every action and every operation of the storage system ismaintained and stored.

According to an exemplary embodiment of this invention, there isprovided a storage system including: a first interface connected to hostcomputers; a second interface connected to manager terminals; a controlunit connected to the first interface and the second interface andincluding a processor and a memory; and one or more disk drives in whichdata that is requested to read by the host computers is equipped, inwhich the control unit detects an access from the host computer to thefirst interface and an access from the manager terminal to the secondinterface, and generates a log of operations according to the accesses.

According to an embodiment of this invention, it is possible to recordevery processing requested through various interfaces provided to astorage system and each processing performed within the storage systemon a log in a uniform format.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention can be appreciated by the description whichfollows in conjunction with the following figures, wherein:

FIG. 1 is a functional block diagram showing a system structure of astorage system according to a first embodiment;

FIG. 2 is a block diagram showing a hardware structure of the storagesystem according to the first embodiment;

FIG. 3 is an explanatory diagram of a log generation processing of thestorage system according to the first embodiment;

FIG. 4 is a flowchart showing a log output processing according to thefirst embodiment;

FIG. 5 is a flowchart showing a log generation processing according tothe first embodiment;

FIG. 6 is a flowchart showing a log format unification processingaccording to the first embodiment;

FIG. 7 is an explanatory diagram of a uniform log format templateaccording to the first embodiment;

FIG. 8 is an explanatory diagram of an example of a log generatedaccording to the first embodiment;

FIG. 9 is an explanatory diagram of an example of a log integrationprocessing performed between a plurality of controllers according to thefirst embodiment;

FIG. 10 is an explanatory diagram of a processing relating toconfiguration of a log storage area according to the first embodiment;

FIG. 11 is a flowchart of a management processing for log storage areaaccording to the first embodiment;

FIG. 12 is an explanatory diagram of an LU access management tableaccording to the first embodiment;

FIG. 13 is an explanatory diagram of a processing of generating a logafter recognizing access to the storage system according to the firstembodiment;

FIG. 14 is an explanatory diagram of a log storage area registrationscreen according to the first embodiment;

FIG. 15 is an explanatory diagram of a data migration processingperformed between storage systems according to the first embodiment;

FIG. 16 is an explanatory diagram of an inter-storage-system migrationmanagement table according to the first embodiment;

FIG. 17 is a block diagram showing a hardware structure of a storagesystem according to a second embodiment; and

FIG. 18 is a block diagram showing a hardware structure of a storagesystem according to a third embodiment.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

According to a representative embodiment of this invention, everyoperation to a storage system received through every kind of interfacethat can be connected to the storage system is automatically recorded bythe storage system itself as a log.

The storage system is provided with various interfaces using FibreChannel (FC), Small Computer Systems Interface over Internet (iSCSI),Network Attached Storage (NAS), management Local Area Network (LAN),etc., and generates a log upon detection of access from a host computer600 and a manager terminal 400 to the various interfaces. The generatedlog includes information on which computer is using the storage system.Block access to the storage system is also recorded on the log accordingto a template unique to the storage system. In addition, details ofaction performed within the storage system are recorded on the logaccording to the same template.

The storage system thus maintains the log, making it possible toreference to records of operation of the storage system as needed, andupon occurrence of a failure, making it possible to track down a causethereof. In addition, it is possible to reference to an workingcondition of the storage system, which brings efficiency to theoperation and management of the storage system.

Further, log data can be updated only from a permitted access source,which imposes limitations on who can maintain the log. Permission isgiven to a program running on the storage system as the permitted accesssource, thereby preventing writing, modifying, and deletion of the logdue to the operation from an outside of the storage system.

Hereinafter, embodiments of this invention will be described in detailwith reference to the drawings.

(First Embodiment)

FIG. 1 is a functional block diagram showing a system structure of astorage system 100 according to a first embodiment.

The storage system 100 equips a controller 200 and a disk drive 195.

The controller 200 equips a log management module 110 and a timesynchronization module 131. The log management module 110 includes a logstorage area management module 121, a log migration management module126, a log generation module 141, a log writing control module 151, alog integration module 161, and a log transmission module 171. Asdescribed later, the controller 200 equips an MPU 220 and a memory 250,in which the MPU 220 executes various programs stored in the memory 250to implement the above-mentioned modules.

When the controller 200 receives a host I/O request from a host 600 anda request of management operation from a manager terminal 400, thecontroller 200 performs processings corresponding to those requests. Thelog management module 110 generates log data relating to details ofrequested operations and processings corresponding to the requests, andstore the log data in the disk drive 195.

The log generation module 141 is implemented by executing the loggeneration program 140, and generates log data relating to the operationto the storage system 100 and the details of processings according tothe operation. The log writing control module 151 is implemented byexecuting a log writing control program 150, and writes the generatedlog data to a cache 180.

It should be noted that in the case where a plurality of controllers 200are in operation, one of those controllers is set as a main controllerfor mainly managing log. The log management module 110 of the maincontroller outputs log that incorporates the processing details ofanother controller.

In other words, the log integration module 161 of the main controllersynchronizes log data stored in caches 180 of the respectivecontrollers, and stores all the log data in the cache 180 of the maincontroller.

Then, the log transmission module 171 of the main controller transmitsthe log data stored in the cache 180 to a log server 300 connected tothe storage system 100.

The log integration module 161 is implemented by executing a logintegration program 160. The log transmission module 171 is implementedby executing a log transmission program 170.

Further, the controller 200 writes the log data stored in the cache 180to a log storage area 190 set in the disk drive 195 periodically (forexample, at a predetermined time interval). Accordingly, the log storagearea management module 121 is implemented by executing a log storagearea management program 120, a log storage area for storing log data isreserved in the disk drive 195 in advance.

The log migration management module 126 is implemented by executing alog migration management program 125, and migrates log data to/fromanother storage system 100. FIG. 15 will be used later to describe a logdata migration processing.

The time synchronization module 131 is implemented by executing a timesynchronization program 130, and in order to share the same time amongthe computer system, communicates with a time server 500 to synchronizean internal clock. Accurate synchronization of the internal clock allowsthe log data to include accurate time information therein.

FIG. 2 is a block diagram showing a hardware structure of the storagesystem 100 according to the first embodiment.

The storage system 100 is connected to the log server 300, the managerterminal 400, the time server 500, and the host 600 through a network.It should be noted that part or all of those may be directly connectedto the storage system 100.

The storage system 100 equips the plurality of controllers 200 and astorage device 260. It should be noted that the two controllers 200 areshown in the drawing, but the number of controllers 200 is not limitedthereto.

The controller 200 equips a host interface 210, a LAN interface 230, theMPU 220, a Data Controller (DCTL) 240, the memory 250, and the cache180.

The host interface 210 controls communications with the host 600 viaprotocols suitable for data transfer such as Fibre Channel (FC), NetworkAttached Storage (NAS), and Internet SCSI (iSCSI). The LAN interface 230uses protocols including TCP/IP to control management-basedcommunications with the time server 500, the log server 300, and themanager terminal 400.

The DCTL 240 controls data transfer within the storage system 100.

The memory 250 stores the various programs and data necessary forexecuting the programs. To be specific, the memory 250 stores the logstorage area management program 120, the log migration managementprogram 125, the time synchronization program 130, the log generationprogram 140, the log writing control program 150, the log integrationprogram 160, and the log transmission program 170. Those programs arestored in the storage device 260, transferred to the memory 250 uponstart of the storage system 100, and then executed by the MPU 220.

The cache 180 stores various information items to be used by the logmanagement module 110. To be specific, the cache 180 stores logconfiguration information 181, log data 182, time synchronizationconfiguration information 183, and time data 184. It should be notedthat in the first embodiment, the various information items are storedin the cache, but as described later in a second embodiment, part or allof the various information items may be stored in a storage medium otherthan the cache.

The log configuration information 181 is configured with regard tocollection of log, including a stored location of the log storage area,a size of the log storage area, a term over which the log storage areais managed, and an address of a log server at a log transmissiondestination. The log data 182 is obtained by temporarily storing a loggenerated by the log generation program 140.

The time synchronization configuration information 183 is configuredwith regard to the synchronization of the internal clock, including atiming of the time synchronization and an address of the time server500. The time data 184 is obtained by the time synchronization program130 through the communications with the time server 500.

The storage device 260 equips one or more disk drives 195. The diskdrives 195 are each a storage medium for storing data. In general, amagnetic disk is used as the storage medium, but other media includingan optical disk may be used. The storage device 260 is provided with oneor more logical areas in which data to be used by the host computer 600is stored. The storage device 260 is also provided with the log storagearea in which the generated log data is stored.

It should be noted that the disk drives 195 constitute a Redundant Arrayof Independent Disks (RAID) configuration to provide redundancy of thedata to be stored. This prevents the stored data from being lost evenwhen a failure occurs in part of the disk drives 195.

It should be noted that, although not shown, the time server 500, thelog server 300, the manager terminal 400, and the host 600 are computerseach including a processor, a memory, an interface, a storage device, aninput device, and a display device that are connected to one another viaan internal bus.

FIG. 3 is an explanatory diagram of a log generation processing of thestorage system 100 according to the first embodiment.

A controller program 201 executes an internal processing of the storagesystem 100. FIG. 3 shows copy processing from a original disk volume toa duplicated disk volume. The controller program 201 operates undercontrol of the DCTL 240. It should be noted that the DCTL 240 may beconfigured not by a processor, but by a hardware logic that operates inthe same manner as the controller program 201.

When the controller program 201 executes a requested process, thecontroller program 201 notifies the log management module 110 of theprocessing details and processing results. When the log generationprogram 140 receives the notification from the controller program 201,the log generation program 140 generates log including information aboutwhat process performed and what results are obtained, and stores the login the log storage area 190.

FIG. 3 shows an example case of generating log relating to the internaloperation of the storage system 100. However, processings in response tothe host I/O request from a host 600 and the management operationrequest from a manager terminal 400 are similarly recorded in log basedon the notification from the controller program 201.

FIG. 4 is a flowchart showing log output processing according to thefirst embodiment.

In the log output processing, upon reception of a host command or amanagement command, the storage system 100 outputs the processingdetails and processing results involved in the command to the logstorage area 190. Then, the storage system 100 transmits the stored logto the log server 300.

First, the controller 200 receives an I/O command from the host 600through the host interface 210. Alternatively, the controller 200receives a management command from the manager terminal 400 through theLAN interface 230 (S101).

After that, the controller 200 performs a processing corresponding tothe command received in the step S1101 (S1102).

After that, the log generation program 140 generates log data based onthe executed processing details (S1103). It should be noted that FIG. 5will be used to describe the log generation processing in detail.

After that, the main controller 200 synchronizes their each log data(S1104). It should be noted that FIG. 9 will be used to describe a logintegration processing.

After that, the log writing control program 150 judges whether or notthe log storage area 190 has enough free capacity to allow a log to bewritten (S1105). When it is judged that the free capacity is too smallto write the log, the storage system 100 is stopped (S1109) to end thelog output processing.

On the other hand, when the log storage area has sufficient capacity,the log data generated in the step S1105 is written to the log storagearea 190 (S1106).

Next, the log transmission program 170 refers to the log configurationinformation 181 stored in the cache 180 to judge whether an address ofthe log server 300 to which the log is to be transmitted is configuredor not (S1107).

When the result indicates that the address of the log server 300 isalready configured which implies that configuration have been made forlog transmission to the external log server 300, the generated log istransmitted to the log server 300 (S1108). After that, the log outputprocessing finishes.

On the other hand, when the address of the log server 300 is notconfigured, which implies that no configuration have been made for thelog transmission to the external log server 300, the log outputprocessing comes to an end.

FIG. 5 is a flowchart showing the log generation processing (S1103 ofFIG. 4) according to the first embodiment, which is executed by the loggeneration program 140.

First, the log generation program 140 obtains a command to be executedby the controller 200 (S1201), and then obtains execution results of thecommand (S1202).

To be specific, upon execution of a process involved in the command, thecontroller program 201 notifies the log generation program 140 of theprocessing details and processing results involved in the command.

Next, the log generation program obtain the time data 184 stored in thecache 180 (S1203).

After that, collected information items are adjusted to a uniform format(hereinafter, referred to as “formatted”) for outputting to log (S1204).It should be noted that FIG. 6 will be used later to describe a logformat processing.

Finally, the formatted log data is stored in the cache 180 (S1205),which ends the log generation processing.

FIG. 6 is a flowchart showing the log format processing (S1204 of FIG.5) according to the first embodiment, which is executed by the loggeneration program 140.

First, a uniform log format template 1500 stored in the cache 180 isobtained (S1401).

Then, information items corresponding to fields defined in the uniformlog format template 1500 are obtained from the collected informationitems (S1402).

Then, it is judged whether or not the corresponding information items upto the last fields defined in the uniform log format template 1500 havebeen obtained (S1403). When the results indicates that the informationitems up to the last field defined in the uniform log format template1500 have not been obtained yet, the procedure returns to the step S1402to obtain an information item corresponding to the subsequent field. Onthe other hand, when all the information items up to the last field havebeen obtained, the procedure advances to a step S1404.

In the step S1404, fields within the uniform log format template 1500are correspondingly filled with the obtained information items togenerate formatted log data (S1404).

FIG. 7 is an explanatory diagram of the uniform log format template 1500according to the first embodiment.

The uniform log format template 1500 is used for generating formattedlog relating to processings corresponding to requests received throughvarious interfaces, and includes an item order 1501 and an item name1502. The uniform log format template 1500 is stored in the cache 180.

The item order 1501 defines an output order of the information items aslog data. The item name 1502 defines information details to be outputtedas log data.

According to the uniform log format template 1500, log as shown in FIG.8 is generated.

Log data 800 shown in FIG. 8 includes an occurrence date of an event, adetecting program, a operator, a description of an operation, an eventresult, a operation target device, an identifier of a operation targetdevice, and access source information. The log data 800 is recorded in aformat conforming to the syslog format, and outputted from the logmanagement module 110.

For example, in a first entry shown in FIG. 1, the description “Jun 2010:20:30” indicates the occurrence date of an event. The description“LogProcess” indicates the program that has detected the event. Thedescription “200506 10:20:30+9:00” is another occurrence date of theevent, which is accompanied by time zone information. The description“userA” indicates a operator who has performed the operation. Thedescription “Authentication” corresponds to the event description,indicating that an authentication request has been received. Thedescription “Failed” corresponds to the event result, indicating thatthe authentication has resulted in a failure. The description“Storage-system” indicates the operation target device. The description“12345678” indicates the identifier unique to the operation targetdevice. The description “from 192.168.0.5” indicates an IP address of anaccess source host that has accessed the storage system 100.

Items to be outputted to the log vary depending upon various factorsincluding event details. For example, when there exists a operator towhich a given event is ascribed, there are an internal operationexecuted autonomously by the storage system 100, an event caused byaccess from the host interface 210, an event caused by access through amanagement interface 230, and the like. Even when output informationitems are different depending upon those events, the use of a singletemplate allows log to be outputted in a uniform format.

However, the log format does not need to be a specific format as long asnecessary information is included. In other words, it is sufficient thatthe log relating to various events can be outputted in a uniform formatby using a template that is uniform within the storage system 100.Further, the storage system 100 may provide the function to edit thetemplate.

FIG. 9 is an explanatory diagram of the log integration processingperformed between the plurality of controllers 200 according to thefirst embodiment.

On a controller 200 basis, the storage system 100 accepts access fromthe host 600 through the host interface 210, and access from the managerterminal 400 through the management interface 230. Then, each of thecontrollers 200 executes a processing on the access.

The log generation module 141 of the controller 200 generates logrelating to operation details requested of the controller 200 and actiondetails of the storage system 100 involved in the request. Then, the logwriting control module 151 writes generated log data to the cache 180.

Set in the storage system 100 including the plurality of controllers 200are the main controller 200 in charge of main log management and a subcontroller that follows the main controller 200.

The log integration program 160 of the main controller 200 reads out logdata from the log storage area of the cache 180 of another controller200, and writes the log data to the cache 180 of the main controller 200itself. Then, the main controller 200 performs management bysynchronizing all log data within the storage system 100.

It should be noted that in this embodiment, log data is synchronizedbetween the controllers 200 (in other words, the same log data is storedin the caches 180 of the controllers 200), but logs may be integrated onthe log server 300 without necessarily synchronizing log data betweenthe controllers 200. Alternatively, only the cache 180 of the maincontroller 200 may store all the log data within the storage system 100.

After that, the log writing control program 150 records the synchronizedlog data in the log storage area 190 of the disk drive 195. Further, thelog transmission program 170 reads out the log data stored in the cache180 and transmits the log data to the log server 300.

Next, description will be made on a processing of setting the logstorage area 190.

FIG. 10 is an explanatory diagram of a processing relating to setting ofa log storage area 190 according to the first embodiment.

The log storage area 190 is set according to an instruction from themanager terminal 400.

A user of the storage system 100 first uses the manager terminal 400 tocreate the log storage area 190. To be specific, the user designates alocation of the log storage area 190 in the disk drives 195 of thestorage system 100, a capacity of the log storage area 190, and a logretention term. After that, the manager terminal 400 transmits a commandto create a log storage area to the storage system 100.

The created log storage area 190 is an area that cannot be recognizedand cannot be accessed from the host 600. However, the log storage area190 can be operated by the manager terminal 400.

It should be noted that data can be written to the created log storagearea 190 only from a program permitted in advance. The manager terminal400 cannot perform data operation, such as changing or tampering, on thelog storage area 190. In addition, the manager terminal 400 cannotdelete the log storage area 190 itself. Thus, the storage system 100 ofthis embodiment includes an LU access management table 1600 shown inFIG. 12.

Accordingly, after the log storage area 190 is created, the log writingcontrol module 151 writes the log data stored in the cache 180 to thelog storage area 190.

On the other hand, in preparation for an insufficient capacity of thelog storage area 190, the manager terminal 400 provides the function toperform area expansion operation of the log storage area 190. To bespecific, the manager terminal 400 transmits to the storage system 100 acommand to expand a log storage area according to the capacity specifiedby the user.

When a predetermined amount of the log storage area 190 is used up bystoring logs, the manager terminal 400 may notify of the condition ofinsufficient capacity.

FIG. 11 is a flowchart of a management processing for a log storage areaaccording to the first embodiment, which is executed by a log storagearea management program 120.

First, the controller 200 receives a management command from the managerterminal 400 through the LAN interface 230 (S1301).

Next, it is judged whether or not the received management command is anarea creation command to create the log storage area 190 (S1302). Whenthe received command is the area creation command, the procedureadvances to a step S1307.

On the other hand, when the received command is not the area creationcommand, it is judged whether or not the command is an area expansioncommand to expand the log storage area 190 (S1303). When the receivedcommand is the area expansion command, the procedure advances to thestep S1307.

On the other hand, when the received command is not the area expansioncommand, it is judged whether or not the received command is adeletion/changing command to delete/change the log storage area 190(S1304). When the judgment result indicates that the received command isnot the deletion/changing command, which implies that the command cannotbe handled in the log storage area management processing, a commandfailure response is returned to the manager terminal 400 (S1310), andthe procedure advances to a step S1311.

On the other hand, when the received command is the deletion/changingcommand, the controller 200 refers to the log configuration information181 stored in the cache 180 to judge whether or not the target logstorage area 190 is in operation within a management term (S1305). Whenthe operation is within the management term, which implies that the logstorage area 190 is protected from any changing processing, the commandfailure response is returned to the manager terminal 400 (S1306), andthe procedure advances to the step S1311. When the operation is notwithin the management term, the processing of deleting or changing thelog storage area 190 corresponding to the received command is executed,and the procedure advances to the step S 1311.

On the other hand, when the received command is the area creationcommand or the area expansion command, in the step S1307, the controller200 extracts the specified capacity of the log storage area 190 createdin the area creation command or the area expansion command (S1307).

Then, it is judged whether or not the specified capacity is available inthe disk drive 195 provided to the storage system 100 (S1308). When thespecified capacity is available, the log storage area 190 is created tohave the specified capacity (S1309).

On the other hand, when the specified capacity is not available, thecommand failure response is returned to the manager terminal 400(S1310), and the procedure advances to the step S1311.

Finally, in the step S1311, to generate log relating to details of theprocessing executed according to the received management command, theprocessing details and processing results are outputted (S1311), and thelog storage area management processing finishes.

FIG. 12 is an explanatory diagram of an LU access management table 1600according to the first embodiment.

The LU access management table 1600 is stored in the cache 180, and usedto manage rights to access the storage system 100 from the managerterminal 400 and the host 600.

The LU access management table 1600 includes a management target 1601and an LU access flag 1602.

The management target 1601 defines data storage areas on a storagesystem. It should be noted that the log storage area is also defined asan independent log LU in the management target 1601.

The LU access flag 1602 defines subjects being access sources withrespect to the management target. Flags indicating whether or not toallow the access source subjects to write and read data to/from eachmanagement target are set on a management target basis, thereby settingrights to access from the respective access sources. When the flag isset to “1”, the operation corresponding to write, change, or read ispermitted. On the other hand, when the flag is set to “0”, the operationcorresponding to write, change, or read is not permitted.

In the conditions shown in FIG. 12, a controller program can read/writedata from/to the log LU, the manager terminal 400 can only read the logdata, and the host computer 600 cannot read/write the log data. In otherwords, the log LU is set as an area that cannot be recognized by thehost computer 600.

FIG. 13 is an explanatory diagram of a processing of generating logafter recognizing various accesses to the storage system 100 accordingto the first embodiment.

According to the first embodiment, an access detection program 202 andan access source determination program 203 run on the controller 200 ofthe storage system 100.

When the storage system 100 is accessed from the host 600 through thehost interface 210 or from the manager terminal 400 through the LANinterface 230, the access detection program 202 running on thecontroller 200 detects the access.

After that, the access source determination program 203 determines whichthe access is being made from, and refers to the LU access managementtable 1600 to judge whether or not to permit the access. When the accessis permitted, the log generation program 140 is notified of theprocessing details and processing results based on the access. The loggeneration program 140 generates log based on the notification.

FIG. 14 is an explanatory diagram of a log storage area registrationscreen 1000 according to the first embodiment.

The screen shown in FIG. 14 is an example of a user interface forsetting the log storage area 190 in the storage system 100, and isdisplayed on a display device of the manager terminal 400 used by auser.

The log storage area registration screen 1000 is provided with names ofinput items and input fields 1001 to 1004 to be filled with valuescorresponding thereto. To be specific, inputted in the log storage arearegistration screen 1000 are a logical unit number (LUN) 1001 of alogical unit in which a log storage area is to be created, a size 1002of the log storage area, a RAID group number 1003 of a RAID group inwhich the log storage area is created, and a management expiration 1004until which log is stored.

After filling the input fields with the values, a user of the storagesystem 100 presses an “OK” button 1005 with an input device (such as amouse) to reflect the input settings on the storage system 100.Alternatively, the user presses a “cancel” button 1006 to discard theinput information.

By specifying the LUN 1001, the size 1002, and the RAID group 1003, theuser designates which size of area is reserved in which location in thedisk drive 195. In addition, the log is maintained in the log storagearea 190 until the date specified in the management expiration 1004.Further, the changing and deletion of the log storage area 190 is notpermitted until the date specified in the management expiration 1004,thereby realizing protection of the log storage area 190.

It should be noted that the input items may be changed depending uponthe conditions necessary to set in the storage system 100. Also, insteadof a GUI, other input methods such as a command line interface may beadopted.

FIG. 15 is an explanatory diagram of the data migration processingperformed between storage systems 100 according to the first embodiment.

To migrate data between the storage systems 100, the log migrationmanagement program 125 is executed to transfer user data stored in thedisk drive 195 of the storage system 100 and log data stored in the logstorage area 190, to the storage system 100 at a migration destination.At this time, information on the storage system 100 at a migrationsource and information on the storage system 100 at the migrationdestination are managed by using an inter-storage-system migrationmanagement table 900, thereby managing information on when data ismigrated from which storage system 100 to which storage system 100. Byrecording information in the inter-storage-system migration managementtable 900, it is possible to provide means for managing logcontinuously.

Further, information on association between the storage systems 100 isrecorded in a newly-provided storage system 100. Then, the recordedassociation information allows the newly-provided storage system 100 touse the log data stored in an old storage system 100. It should be notedthat in this case, it is unnecessary to migrate the log data, butnecessary to maintain the old storage system 100.

FIG. 16 is an explanatory diagram of the inter-storage-system migrationmanagement table 900 according to the first embodiment.

Upon the data migration between the plurality of storage systems 100,information as to from which storage system 100 to which storage system100 the data is migrated is stored in the inter-storage-system migrationmanagement table 900.

The inter-storage-system migration management table 900 includes amanagement item 901 and migration information 902. To be specific, theinter-storage-system migration management table 900 includes an address906, a management IP address 907, a device number 908, and a migrationdate 909 for each migration destination device 903 and each migrationsource device 904.

The address 906 indicates information on an address of a host interface.The management IP address 907 indicates information on an IP address ofa management interface. The device number 908 indicates an identifierfor uniquely identifying the storage system 100. The migration date 909indicates a date on which data is migrated.

As described above, according to the first embodiment of this invention,log data is generated according to the uniform log format template 1500to record therein all the processings that are requested through thevarious interfaces 210 and 230 provided to the storage system 100 andall the processings that are internally executed in the storage system.The same template 1500 is used to record the operation details withinthe storage system in the log. Accordingly, references can be made toprocessings executed in response to the requests made to the storagesystem 100 and operation records of the storage system.

Further, the changing or deletion of the maintained log is not permittedduring the preset term, thereby only permitting log data to beadditionally written, which prevents the log data from being tampered.This guarantees that an authorized log is maintained during theoperation of the storage system, so an inspection record can be providedupon occurrence of a security-related issue, and information fordiagnosing the cause of the failure that has occurred.

(Second Embodiment)

FIG. 17 is a block diagram showing a hardware structure of the storagesystem 100 according to a second embodiment.

According to the second embodiment, the log data 182 and the time data184 are stored in the memory 250 instead of the cache 180. The othercomponents are the same as those described above in the firstembodiment, and are therefore denoted by the same reference numeralswith their description omitted.

In general, the memory 250 provides faster access speed than the cache180, but only has a smaller capacity. By storing the time data 184 inthe memory 250, it is possible to reduce processing time for generatinglog. In addition, by storing the log data 182 in the memory 250, it ispossible to reduce processing time until the log management module 110writes log data to the disk drive 195 or transmits the log data to thelog server 300.

(Third embodiment)

FIG. 18 is a block diagram showing a hardware structure of the storagesystem 100 according to a third embodiment.

According to the third embodiment, a plurality of log storage areas arecreated in the disk drive 195, and managed independently of each other.The other components are the same as those described above in the firstand second embodiments, and are therefore denoted by the same referencenumerals with their description omitted.

According to the third embodiment, there are provided an authenticationlog storage area 191, a failure log storage area 192, and a log storagearea 193 that suits a user's purpose as the need arises. Recorded in theauthentication log storage area 191 is the log data relating toauthentications among the operation commands transmitted from themanager terminal 400. The log data relating to failures among theoperations of storage system 100 are collectively recorded in thefailure log storage area 192.

Thus, a log storage area judgment table 185 is provided to judge whichoperation is stored in which log storage area. Stored in the log storagearea judgment table 185 are the processing details and processingresults involved in the storage system and the corresponding log storageareas.

Therefore, according to the third embodiment, a plurality of log storageareas are provided to suit various uses, which can store log datadifferent in recorded details and retention terms depending upon theusers' purposes.

While the present invention has been described in detail and pictoriallyin the accompanying drawings, the present invention is not limited tosuch detail but covers various obvious modifications and equivalentarrangements, which fall within the purview of the appended claims.

1. A storage system, comprising: a first interface connected to a hostcomputer; a second interface connected to a manager terminal; a controlunit connected to the first interface and the second interface andincluding a processor and a memory; and one or more disk drives in whichdata that is requested to read by the host computer is stored, whereinthe control unit detects an access from the host computer to the firstinterface and an access from the manager terminal to the secondinterface, and generates log data of operations according to theaccesses.
 2. The storage system according to claim 1, furthercomprising: a storage unit for storing a template for specifying aformat of the generated log; and a cache for temporarily storinginformation to be stored in the disk drive is, wherein after detectingthe access from the host computer to the first interface and the accessfrom the manager terminal to the second interface, the control unitobtains processing details and processing results executed incorrespondence with the accesses, applies the template to the processingdetails and the processing results to generate log data, and stores thegenerated log data in the cache.
 3. The storage system according toclaim 2, wherein the storage unit is provided in the cache.
 4. Thestorage system according to claim 2, wherein the control unit obtainsprocessing details and processing results executed within the storagesystem with relation to neither the accesses to the first interface northe second interface, applies the template to the processing details andthe processing results to generate log data, and stores the generatedlog data in the cache.
 5. The storage system according to claim 1,further comprising: a logical area composed of the one or more diskdrives; and a storage unit for storing access management information forspecifying permission of an access to the logical area, wherein thecontrol unit creates a log storage area for storing the generated logdata therein, and denies an access from the host computer to the logstorage area by referring to the access management information anddenies an access from the management computer to attempt to delete thelog storage area by referring to the access management information. 6.The storage system according to claim 1, further comprising: a logicalarea composed of the one or more disk drives; and a plurality of controlunits, wherein: one of the plurality of control units is determined as amain control unit for managing the log data; the logical area includes alog storage area storing the generated log data; and the main controlunit obtains log data relating to a processing performed by anothercontrol unit, stores the log data in the log storage area, and transmitsthe log data to an outside of the storage system.
 7. The storage systemaccording to claim 1, further comprising a storage unit for storingmigration management information including migration information on logdata, wherein upon migration of the log data from the storage system toanother storage system, the control unit stores migration information ona destination storage system, migration information on a source storagesystem, and migration date, in the migration management information. 8.A computer system, comprising: a host computer; a manager terminal; anda storage system, the host computer comprising: an interface connectedto the storage system; a processor connected to the interface; and amemory connected to the processor, the manager terminal comprising: aninterface connected to the storage system; a processor connected to theinterface; and a memory connected to the processor, the storage system,comprising: a first interface connected to the host computer; a secondinterface connected to the manager terminal; a control unit connected tothe first interface and the second interface and equipping a processorand a memory; and one or more disk drives in which data that isrequested to read by the host computer is stored, wherein the controlunit detects an access from the host computer to the first interface andan access from the manager terminal to the second interface, andgenerates log data of operations according to the accesses.
 9. Thecomputer system according to claim 8, wherein: the storage systemfurther comprises: a storage unit for storing a template for specifyinga format of the generated log data; and a cache for temporarily storinginformation to be stored in the disk drive; and after detecting theaccess from the host computer to the first interface and the access fromthe manager terminal to the second interface, the control unit obtainsprocessing details and processing results executed in correspondencewith the accesses, applies the template to the processing details andthe processing results to generate log data, and stores the generatedlog data in the cache.
 10. The computer system according to claim 9,wherein the storage unit is provided in the cache.
 11. The computersystem according to claim 9, wherein the control unit obtains processingdetails and processing results executed within the storage system withrelation to neither the accesses to the first interface nor the secondinterface, applies the template to the processing details and theprocessing results to generate log data, and stores the generated logdata in the cache.
 12. The computer system according to claim 8,wherein: the storage system further comprises: a logical area composedof the one or more disk drives; and a storage unit for storing accessmanagement information for specifying permission of an access to thelogical area; and the control unit creates a log storage area forstoring the generated log therein, and denies an access from the hostcomputer to the log storage area by referring to the access managementinformation and denies an access from the manager terminal to attempt todelete the log storage area by referring to the access managementinformation.
 13. The computer system according to claim 8, furthercomprising a log server that comprises: an interface connected to thestorage system; a processor connected to the interface; and a memoryconnected to the processor, wherein: the storage system furthercomprises: a logical area composed of the one or more disk drives; and aplurality of the control units; one of the plurality of control units isdetermined as a main control unit for managing the log data; the logicalarea includes a log storage area storing the generated log data; and themain control unit obtains log data relating to processes performed byanother control unit, stores the log data in the log storage area, andtransmits the log to the log server.
 14. The computer system accordingto claim 8,wherein: the storage system further comprises a storage unitfor storing migration management information including migrationinformation on log data; and upon migration of the log data from thestorage system to another storage system, the control unit storesmigration information on a destination storage system, migrationinformation on a source storage system, and migration date, in themigration management information.